On my advertising system, once advertisers have signed up, they can login at a form on a login page.
The login page script checks the password and login name are ok, and if so, it redirects them to a page which displays all their adverts with stats etc.
So, when it redirects them to the advert listing page, the php is:
So as you can see, it is unsafe, because the password is in the url.
$location = "advertiserhome.php?login=$login&password=adpassword";
header ("Location: $location");
What I would like to do is encrypt it, and then decrypt it on the page it redirects to.
It might sound like this is needless, but honestly, it isn't.
Does anyone know how I could encrypt and decrypt it?
Why don't you just register them as session variables so they will be persistent adn you will not need to append them to the url string.
Yes, using session management is the best soln.
Some good tutorial could be find at phpbuilder.com and devshed.com
Note: Only in PHP4. With PHP3 you need to use extra library
What are session variables!
How do I pass them across without them being seen..
(remember, I am redirecting in the form:
header ("Location: BLAHBLAH");
Session variable will be username and password
Just before the redirection, you will have to register those session variables so the info could be passed throughout other pages
Basically you would call
at the top of every page you want access to session data, then once the user is authorized you can register the variables so for instance if you form has username and password once they get validated you could use:
then on every page that you call session_start();
you can call $username and $password its that simple
I usually stick something like this on top of every protected page to make sure the person is indeed logged in.